libp2ptls

v0.2.4

This package is not in the latest version of its module.

Published: Jun 18, 2020 License: MIT Imports: 19 Imported by: 1

README

Forked to reuse the certificate; see https://github.com/libp2p/go-libp2p-tls/issues/35

Below is the original readme

go-libp2p-tls


go-libp2p's TLS encrypted transport

Package go-libp2p-tls is a libp2p connection security transport. It uses TLS to set up the communication channel.

Install

go-libp2p-tls is a standard Go module which can be installed with:

go get github.com/libp2p/go-libp2p-tls

This repo is gomod-compatible, and users of Go 1.11 and later with modules enabled will automatically pull the latest tagged release by referencing this package. Upgrades to future releases can be managed using go get, or by editing your go.mod file as described by the gomod documentation.

Contribute

Feel free to join in. All welcome. Open an issue!

This repository falls under the libp2p Code of Conduct.


License

MIT


The last gx published version of this module was: 0.1.0: QmR4qpcxA1UoHg7SZ89hJHYCpfrxToPjH9xSCug1cQeH1M

Documentation


Constants

const ID = "/tls/1.0.0"

ID is the protocol ID (used when negotiating with multistream)

Variables

This section is empty.

Functions

func PubKeyFromCertChain

func PubKeyFromCertChain(chain []*x509.Certificate) (ic.PubKey, error)

PubKeyFromCertChain verifies the certificate chain and extracts the remote's public key.

Types

type Identity

type Identity struct {
	// contains filtered or unexported fields
}

Identity is used to secure connections

func NewIdentity

func NewIdentity(privKey ic.PrivKey) (*Identity, error)

NewIdentity creates a new identity

func (*Identity) ConfigForAny

func (i *Identity) ConfigForAny() (*tls.Config, <-chan ic.PubKey)

ConfigForAny is a short-hand for ConfigForPeer("").

func (*Identity) ConfigForPeer

func (i *Identity) ConfigForPeer(remote peer.ID) (*tls.Config, <-chan ic.PubKey)

ConfigForPeer creates a new single-use tls.Config that verifies the peer's certificate chain and returns the peer's public key via the channel. If the peer ID is empty, the returned config will accept any peer.

It should be used to create a new tls.Config before securing either an incoming or outgoing connection.

func (*Identity) ReusableConfigForAny

func (i *Identity) ReusableConfigForAny() *tls.Config

ReusableConfigForAny is a short-hand for ReusableConfigForPeer("").

func (*Identity) ReusableConfigForPeer

func (i *Identity) ReusableConfigForPeer(remote peer.ID) *tls.Config

ReusableConfigForPeer creates a new multi-use tls.Config that verifies the peer's certificate chain. If the peer ID is empty, the returned config will accept any peer.

It should be used to create a new tls.Config before securing either an incoming or outgoing connection.

type Transport

type Transport struct {
	// contains filtered or unexported fields
}

Transport constructs secure communication sessions for a peer.

func New

func New(key ci.PrivKey) (*Transport, error)

New creates a TLS encrypted transport

func (*Transport) SecureInbound

func (t *Transport) SecureInbound(ctx context.Context, insecure net.Conn) (sec.SecureConn, error)

SecureInbound runs the TLS handshake as a server.

func (*Transport) SecureOutbound

func (t *Transport) SecureOutbound(ctx context.Context, insecure net.Conn, p peer.ID) (sec.SecureConn, error)

SecureOutbound runs the TLS handshake as a client. Note that SecureOutbound will not return an error if the server doesn't accept the certificate. This is due to the fact that in TLS 1.3, the client sends its certificate and the ClientFinished in the same flight, and can send application data immediately afterwards. If the handshake fails, the server will close the connection. The client will notice this after 1 RTT when calling Read.

Directories

Path Synopsis
cmd
